Protection Against Form Modification
Learn about user and role protection, the issues we'll face, the design decisions to make, and how to write request tests for user and role protection.
We'll cover the following...
Preventing form modification
There is at least one blind spot in the user and role protection. The project show page has a form that submits a new task. That form is submitted to the TasksController, which doesn't handle any user-access control. The use case here is a malicious user not going through the web UI but rather crafting their own HTTP request and pointing it at the server.
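The gap described above is that the form is the only thing standing between a user and a task on someone else's project; a hand-built POST skips the form entirely. The following is an added example, not code from the course or its sample project, showing the authorization check that belongs inside the create handler and a request-style check that drives the handler directly, the way a request test would. It is plain Ruby with an in-memory store standing in for Rails and the database; the class names (`TasksHandler`, `Store`), the `member_ids` field and the status codes returned are assumptions chosen for the illustration.

```ruby
# Added example (not the course's code): authorization enforced in the
# task-creation handler itself, independent of whether the UI showed a form.
# Names and data below are constructed for the illustration.
require 'set'

User    = Struct.new(:id, :name)
Project = Struct.new(:id, :name, :member_ids)
Task    = Struct.new(:id, :project_id, :title)

# In-memory stand-in for the database.
class Store
  attr_reader :projects, :tasks

  def initialize
    @projects = {}
    @tasks = []
  end
end

# Mirrors what a controller's create action has to do: resolve the project
# from the submitted params, authorize the current user against it, and only
# then persist the task. Returns [http_status, task_or_nil].
class TasksHandler
  def initialize(store)
    @store = store
  end

  def create(current_user, params)
    return [401, nil] if current_user.nil?

    project = @store.projects[params[:project_id]]
    return [404, nil] if project.nil?

    # The check the page says TasksController lacks. The project id arrives
    # as a form parameter and is untrusted input, so membership is verified
    # here rather than assumed from the page that rendered the form.
    return [403, nil] unless project.member_ids.include?(current_user.id)

    title = params[:title].to_s.strip
    return [422, nil] if title.empty?

    task = Task.new(@store.tasks.size + 1, project.id, title)
    @store.tasks << task
    [201, task]
  end
end

# Constructed sample data: user 10 belongs to project 1, user 20 to project 2.
def sample_store
  store = Store.new
  store.projects[1] = Project.new(1, 'Alpha', Set[10])
  store.projects[2] = Project.new(2, 'Beta', Set[20])
  store
end

# Request-style check: call the handler directly with a chosen user and a
# chosen project id, exactly as a forged request would, and return the status.
def status_for(user_id, project_id, title = 'Write request tests')
  store = sample_store
  user = user_id && User.new(user_id, "user#{user_id}")
  status, _task = TasksHandler.new(store).create(user, project_id: project_id, title: title)
  status
end

if __FILE__ == $PROGRAM_NAME
  puts "member creates on own project:      #{status_for(10, 1)}"
  puts "non-member posts to foreign project: #{status_for(20, 1)}"
  puts "anonymous request:                   #{status_for(nil, 1)}"
  puts "unknown project id:                  #{status_for(10, 99)}"
end
```

The cases in `status_for` are the ones a request test for this controller should pin down: the member succeeds, the non-member who swapped the project id in the form gets a 403, the unauthenticated request gets a 401, and an unknown project gets a 404. The test drives the handler without rendering any view, so it proves the protection holds even when the form is bypassed.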
Issues
There are two important issues here, at least from our perspective as Rails Testing Author. First is the habit of noticing when we’re using a resource that’s being accessed as a result of a user request instead of being ...